Version update

Reviewed-on: #2

CHANGELOG.md

@@ -3,6 +3,28 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.0.2] - 2023-07-20
+
+- Fixed typo in API call
+
+## [1.0.1] - 2023-06-26
+
+- Updates for production release
+
+## [1.0.0] - 2023-06-26
+
+- Security hardening changes to plugin queries.
+- Re-design of ZGo API callback to support WooCommerce 7.8.0
+
+## [1.0.0-beta.1] - 2023-01-11
+
+- Adjust production server integration
+
+## [1.0.0-beta] - 2023-01-09
+
+- Production server integration.
+- Monitor page look-and-feel enhancements.
+
 ## [0.9.0] - 2023-01-03
 - Integrate ZGo Payments Monitor 
 

ZGoPmtGwy.md

@@ -1,34 +0,0 @@
-
-# Table of Contents
-
-#### What is ZGo Payment Gateway for *WooCommerce*
-#### How it Works?
-#### System Requirements
-#### Installing ZGo Payment Gateway
-
-## What is ZGo Payment Gateway for *WooCommerce*
-
-ZGo Payment Gateway for Woocomerce is a Plugin that allows a WooCommerce based online store, to receive payments using Zcash.
-
-The Plugin connects WooCommerce Online Store with ZGo Backend to provide customers with an easy way to pay using a phone wallet.
-
-## How it Works
-
-The payment flow is showed bellow:
-
-![ZGo PmtService Flow](ZGo_PmtGwy_Flow.png "ZGo PmtService Flow")
-
-Figure 1 – ZGo Payment GateWay Flow
-
-The payment flow showed in Figure 1, includes the transaction confirmation and also marking customer's order as paid in WooComerce store database. ZGo Backend monitors the payment transaction and once it detects at least 5 blockchain confirmations, will report this to ZGo Payment Plugin.
-
-## System Requirements
-
-ZGo Business Account
-
-WooComerce Based Online Store
-
-
-## ZGo Payment Gateway Installation 
-
-### Configuring WooCommerce Store

assets/php/zpmt-stats-page.php

@@ -46,11 +46,13 @@ class zpmt_stats_page {
 				$this->_npages++;
 			}
 
-	      	$sql = 'insert into zgo_pmtlst (pg_ix,pg_page,pg_npages,pg_offset,pg_limit) values (1,' . 
-	      	   $this->_page . ',' .
-	      	   $this->_npages . ',' .
-	      	   $this->_offset . ',' .
-	      	   $this->_limit .')';
+//			$sql = 'insert into zgo_pmtlst (pg_ix,pg_page,pg_npages,pg_offset,pg_limit) values (1,' . 
+//				$this->_page . ',' .
+//				$this->_npages . ',' .
+//				$this->_offset . ',' .
+//				$this->_limit .')';
+
+			$sql =  $wpdb->prepare('insert into zgo_pmtlst (pg_ix,pg_page,pg_npages,pg_offset,pg_limit) values (1,%d,%d,%d,%d);',$this->_page,$this->_npages,$this->_offset,$this->_limit);
 			$wpdb->query($sql);
 		} else {
 	      	// Load last state
@@ -67,7 +69,10 @@ class zpmt_stats_page {
 				if ( $this->_nrows > ($this->_npages*$this->_limit) ) {
 						$this->_npages++;
 				}	
-				$sql = 'update zgo_pmtlst set pg_npages=' . $this->_npages . ' where pg_ix=1';
+
+//				$sql = 'update zgo_pmtlst set pg_npages=' . $this->_npages . ' where pg_ix=1';
+
+				$sql = $wpdb->prepare('update zgo_pmtlst set pg_npages=%d where pg_ix=1;',$this->_npages);
 				$wpdb->query($sql);
 			} 
 		}
@@ -149,21 +154,36 @@ class zpmt_stats_page {
 			//
 			// Save new list state
 			//
-			$sql = 'update zgo_pmtlst set pg_page=' . $this->_page .
-			    ', pg_npages=' . $this->_npages .
-			    ', pg_offset=' . $this->_offset . ' where pg_ix=1;';		
+
+//			$sql = 'update zgo_pmtlst set pg_page=' . $this->_page .
+//			    ', pg_npages=' . $this->_npages .
+//			    ', pg_offset=' . $this->_offset . ' where pg_ix=1;';		
+			
+			$sql = $wpdb->prepare('update zgo_pmtlst set pg_page=%d, pg_npages=
+				%d, pg_offset=%d where pg_ix=1;',$this->_page,$this->_npages,$this->_offset);
 			$wpdb->query($sql);
 		}
 
 		?>
 		<div style="margin-top: 20px;
-				  margin-bottom: 20px;
 		            font-family: Noto Sans;
 		            font-size: 30px;
 		            font-weight: 900;
 		            text-align: center;
 		            color: navy;">
+		<table>
+			<tr>
+				<td>
+				<img src= <?php echo '"' . get_site_url() . '/wp-content/plugins/zgopmtgwy/assets/img/zgowoo-icon.png"';
+	 			      ?>     
+
+	 			     style="width:50px;height:50px;"> 
+	 			</td>
+	 			<td>            
 					ZGo Payment Gateway - Received Payments
+				</td>
+			</tr>
+		</table>	
 		</div>	
 <!--	now output table header -->
 		<div width="100%" 
@@ -221,15 +241,15 @@ class zpmt_stats_page {
   		  	                font-weight: 600;">';
 				}
 				$line++;             
-				print '<td><a href="https://dev.zgo.cash/invoice/' . $row->pmt_orderid . '" target="_blank">' . $row->pmt_orderid . "</a></td>";
-				print "<td>" . $row->pmt_wc_order . "</td>";
-				print "<td>" . $row->pmt_wc_custname . "</td>";
-				print '<td style="text-align:center;">'. $row->pmt_accepted . "</td>";
-				print '<td style="text-align:center;">'.$row->pmt_confirmed ."</td>";
+				print '<td><a href="https://dev.zgo.cash/invoice/' . htmlentities($row->pmt_orderid, ENT_QUOTES) . '" target="_blank">' . htmlentities($row->pmt_orderid, ENT_QUOTES) . "</a></td>";
+				print "<td>" . htmlwntities($row->pmt_wc_order,ENT_QUOTES) . "</td>";
+				print "<td>" . htmlentities($row->pmt_wc_custname, ENT_QUOTES) . "</td>";
+				print '<td style="text-align:center;">'. htmlentities($row->pmt_accepted,ENT_QUOTES) . "</td>";
+				print '<td style="text-align:center;">'.htmlentities($row->pmt_confirmed,ENT_QUOTES) ."</td>";
 				print '<td style="text-align:right;">'. number_format($row->pmt_amount,2) . "</td>";
 				print '<td style="text-align:right;">'. number_format($row->pmt_rate,2) . "</td>";
 				print '<td style="text-align:right;">'. number_format($row->pmt_zec,8) . "</td>";
-				print '<td  style="text-align:center;">'.$row->pmt_wc_paid ."</td></tr>";
+				print '<td  style="text-align:center;">'. htmlentities($row->pmt_wc_paid,ENT_QUOTES) ."</td></tr>";
 			}
 		?> 
 			</table>

zgopmtgwy.php

@@ -1,16 +1,16 @@
 <?php 
 /**
-* Plugin Name: ZGo Payment Gateway
-* Plugin URI: https://vergara.tech' 
-* Description: ZGo latest payment processing solution for Woocommerce. Accept payments using Zcash.
-* Version: 0.9
-* Requires at least: 5.2
-* Requires PHP:      7.2
-* Author: Vergara Tech LLC 
-* Author URI: https://vergara.tech
-* License:           GPL v2 or later
-* License URI:       https://www.gnu.org/licenses/gpl-2.0.html
-**/
+ * Plugin Name: ZGo Payment Gateway
+ * Plugin URI: https://zgo.cash/ 
+ * Description: ZGo latest payment processing solution for Woocommerce. Accept payments using Zcash.
+ * Version: 1.1.1
+ * Requires at least: 5.2
+ * Requires PHP:      7.2
+ * Author: Vergara Tech LLC 
+ * Author URI: https://zgo.cash/
+ * License:           GPL v2 or later
+ * License URI:       https://www.gnu.org/licenses/gpl-2.0.html
+ **/
 
 if ( ! defined( 'ABSPATH' ) ) {
 	exit; // Exit if accessed directly
@@ -93,10 +93,17 @@ function zgopmt_init() {
 
 			if ( ! $this->is_valid_for_use() ) 
 				$this->enabled = false;
+
 			/**
 			 * Add the webhook for payment confirmation from ZGo
 			 */
-			add_action( 'woocommerce_api_zpmtcallback', array($this,'zconfirm'));	
+			//add_action( 'woocommerce_api_zpmtcallback', array($this,'zconfirm'));	
+		}
+
+		public function register_routes() {
+			register_rest_route( 'wc/v3', 'zgocallback', array(
+				'methods' => 'GET',
+				'callback' => array($this,'zgoapicallback')));
 		}
 
 		public function init_form_fields() {
@@ -144,7 +151,7 @@ function zgopmt_init() {
 						'title' => __( 'ZGo OwnerId', 
 						$this->domain ),
 						'type' => 'text',
-	                    'default' => __( ' ', 
+						'default' => __( 'Replace this text with your ZGo Owner ID ', 
 						$this->domain ),
 						'desc_tip' => true,
 						'description' => __( 'Type or paste your ZGo Account Owner Id (Found in your ZGo Shop Settings)', 
@@ -154,7 +161,7 @@ function zgopmt_init() {
 						'title' => __( 'ZGo Token', 
 						$this->domain ),
 						'type' => 'text',
-	                    'default' => __( ' ', 
+						'default' => __( 'Replace this text with your ZGo Token',
 						$this->domain ),
 						'desc_tip' => true,
 						'description' => __( 'Type or paste your ZGo Token (Found in your ZGo Shop Settings)', 
@@ -174,7 +181,7 @@ function zgopmt_init() {
 			if ( isset($this->zgoownerid) && 
 				($this->zgoownerid !== '') ) {
 
-				$url = 'https://test.zgo.cash/auth?ownerid=' .
+				$url = 'https://api.zgo.cash/auth?ownerid=' .
 					$this->zgoownerid . '&token=' .
 					$this->zgotoken . '&siteurl=' .
 					$this->base64url_encode($this->siteURL);
@@ -209,11 +216,11 @@ function zgopmt_init() {
 			global $wpdb;
 
 			$order = wc_get_order( $order_id );
-//   			$wc_order = wc_get_product($order_id);
+			//   			$wc_order = wc_get_product($order_id);
 			$wc_order_key = $order->get_order_key();
 
 
-			$url = 'https://test.zgo.cash/woopayment' .
+			$url = 'https://api.zgo.cash/woopayment' .
 				'?ownerid=' . $this->zgoownerid . 
 				'&token='  . $this->zgotoken .
 				'&order_id=' . $order_id .
@@ -235,34 +242,37 @@ function zgopmt_init() {
 				$body = wp_remote_retrieve_body( $response );
 				$oid = json_decode($body);
 				$zgoOrderid = $oid->{'order'};
+				$zgoOrderToken = $oid->{'token'};
 				// 
 				// Save ZGo Order ID and Cart order 
 				//
-					$sql = "replace into zgo_payments (" .
-					      "pmt_orderid," .
-					      "pmt_wc_order," .
-					      "pmt_wc_custname," .
-					      "pmt_accepted," .
-					      "pmt_confirmed," .
-					      "pmt_amount," .
-					      "pmt_rate," .
-					      "pmt_zec," .
-					      "pmt_wc_paid) values ('" .
-                    	  $zgoOrderid . "','" .
-                    	  $order_id . "','" .
-                    	  $order->get_billing_first_name() . " " . 
-                    	  $order->get_billing_last_name() . "','" .
-                       	  date('Y-m-d H:i:s') . "','',".
-                     	  $order->get_total() . 
-                     	  ",0,0,0)";
-                    $wpdb->query($sql);
+				$sql3 = $wpdb->prepare('replace into zgo_payments (pmt_orderid, pmt_wc_order, pmt_wc_custname, pmt_accepted, pmt_confirmed, pmt_amount, pmt_rate, pmt_zec, pmt_wc_paid) values (%s, %s, %s, %s, %s, %f, 0, 0, 0);',
+					$zgoOrderid, $order_id, $order->get_billing_first_name() . ' ' . $order->get_billing_last_name(), date('Y-m-d H:i:s'), '', $order->get_total());
+				//$sql = "replace into zgo_payments (" .
+				//"pmt_orderid," .
+				//"pmt_wc_order," .
+				//"pmt_wc_custname," .
+				//"pmt_accepted," .
+				//"pmt_confirmed," .
+				//"pmt_amount," .
+				//"pmt_rate," .
+				//"pmt_zec," .
+				//"pmt_wc_paid) values ('" .
+				//$zgoOrderid . "','" .
+				//$order_id . "','" .
+				//$order->get_billing_first_name() . " " . 
+				//$order->get_billing_last_name() . "','" .
+				//date('Y-m-d H:i:s') . "','',".
+				//$order->get_total() . 
+				//",0,0,0)";
+				$wpdb->query($sql3);
 
 				// Remove cart.
 				WC()->cart->empty_cart();
 
 				return array(
 					'result' => 'success',
-					    'redirect' => 'https://dev.zgo.cash/invoice/' . $zgoOrderid,
+					'redirect' => 'https://app.zgo.cash/invoice/' . $zgoOrderid . '?token=' . $zgoOrderToken,
 				);
 				break;
 			case 202:
@@ -279,53 +289,58 @@ function zgopmt_init() {
 		/**
 		 * Confirm payment and complete order
 		 */
-		public function zconfirm() {
+		//public function zconfirm() {
 
-	   		global $wpdb;
+			//global $wpdb;
 
-			$token = $_GET['token'];
-			$zgoOrderid =  $_GET['orderid'];
-			$orderid = $_GET['wc_orderid'];
-			$totalzec = $_GET['totalzec'];
-			$rate = $_GET['rate'];
-			$order = wc_get_order( $orderid );
+			//$token = $_GET['token'];
+			//$zgoOrderid =  $_GET['orderid'];
+			//$orderid = $_GET['wc_orderid'];
+			//$totalzec = $_GET['totalzec'];
+			//$rate = $_GET['rate'];
+			//$order = wc_get_order( $orderid );
 
-			$sql = "select * from zgo_payments where pmt_wc_order = '" . $orderid . "';";
-			$result = $wpdb->get_row($sql,OBJECT);
-			if ( ! is_null($result) ) {
+			//$sql = $wpdb->prepare('select * from zgo_payments where pmt_wc_order = %s ;', $orderid);
+			////$sql = "select * from zgo_payments where pmt_wc_order = '" . $orderid . "';";
+			//$result = $wpdb->get_row($sql,OBJECT);
+			//if ( ! is_null($result) ) {
 
-				if ( ( $token == $this->zgotoken )
-				     && ( $result->pmt_orderid == $zgoOrderid )
-				     && ( $result->pmt_wc_paid == '0' ) ) {      
-					switch ( $order->get_status() ) {
-						case 'pending':
-						case 'failed':
-							$order->payment_complete();
-							$order->reduce_order_stock();
-					      	// 
-					     	//  Mark order as completed in ZGo DB
-					      	//
-							$sql = "update zgo_payments set " .
-							   	"pmt_confirmed='" . date('Y-m-d H:i:s') . 
- 					      		"', pmt_rate=" . $rate . 
- 					      		", pmt_zec=" . $totalzec .
-							   	", pmt_wc_paid=1 " .
-							   	" where pmt_wc_order='" . $orderid . "';";
-		               		$wpdb->query($sql);	
+				//if ( ($token == $this->zgotoken )
+					//&& ( $result->pmt_orderid == $zgoOrderid )
+					//&& ( $result->pmt_wc_paid == '0' ) ) {      
+					//switch ( $order->get_status() ) {
+					//case 'pending':
+					//case 'failed':
+						//$order->payment_complete();
+						//$order->reduce_order_stock();
+						//// 
+						////  Mark order as completed in ZGo DB
+						////
+						////$sql = "update zgo_payments set " .
+						////"pmt_confirmed='" . date('Y-m-d H:i:s') . 
+						////"', pmt_rate=" . $rate . 
+						////", pmt_zec=" . $totalzec .
+						////", pmt_wc_paid=1 " .
+						////" where pmt_wc_order='" . $orderid . "';";
+						//$sql2 = $wpdb->prepare('update zgo_payments set pmt_confirmed = %s, pmt_rate = %f, pmt_zec = %f, pmt_wc_paid = 1 where pmt_wc_order = %s;', date('Y-m-d H:i:s'), $rate, $totalzec, $orderid );
+						//$wpdb->query($sql2);	
 
-							update_option('webhook_debug', $_GET);
-							break;
-						default:
-//						   $this->console_log('Order ' . $orderid . ' already paid or cancelled...');
-						   break;
-					} 
-				} else {
-//					$this->console_log('Invalid parameters...');
-				}
-			} else {
-//				$this->console_log('Database error...');
-			}	
-		}
+						//update_option('webhook_debug', $_GET);
+						//break;
+					//default:
+						////$this->console_log('Order ' . $orderid . ' already paid or cancelled...');
+						//return array("message" => 'Order ' . $orderid . ' already paid or cancelled...');
+						//break;
+					//} 
+				//} else {
+					////$this->console_log('Invalid parameters...');
+					//return array("message" => 'Invalid parameters...');
+				//}
+			//} else {
+				////$this->console_log('Database error...');
+				//return array("message" => 'Database error...');
+			//}	
+		//}
 
 		public function thankyou_page () {
 			if ( $description = $this->get_description() ) {
@@ -346,6 +361,66 @@ function zgopmt_init() {
 			return $edata;
 		}
 
+		public function zgoapicallback($request) {
+			global $wpdb;
+
+			//$token = $_GET['token'];
+			//$zgoOrderid =  $_GET['orderid'];
+			//$orderid = $_GET['wc_orderid'];
+			//$totalzec = $_GET['totalzec'];
+			//$rate = $_GET['rate'];
+			$token = $request->get_param('token');
+			$zgoOrderid = $request->get_param('orderid');
+			$orderid = $request->get_param('wc_orderid');
+			$totalzec = $request->get_param('totalzec');
+			$rate = $request->get_param('rate');
+			$order = wc_get_order( $orderid );
+
+			$sql = $wpdb->prepare('select * from zgo_payments where pmt_wc_order = %s ;', $orderid);
+			//$sql = "select * from zgo_payments where pmt_wc_order = '" . $orderid . "';";
+			$result = $wpdb->get_row($sql,OBJECT);
+			if ( ! is_null($result) ) {
+
+				if ( (hash('sha256',$token) == hash('sha256',$this->zgotoken) )
+					&& ( $result->pmt_orderid == $zgoOrderid )
+					&& ( $result->pmt_wc_paid == '0' ) ) {      
+					switch ( $order->get_status() ) {
+					case 'pending':
+					case 'failed':
+						$order->payment_complete();
+						$order->reduce_order_stock();
+						// 
+						//  Mark order as completed in ZGo DB
+						//
+						//$sql = "update zgo_payments set " .
+						//"pmt_confirmed='" . date('Y-m-d H:i:s') . 
+						//"', pmt_rate=" . $rate . 
+						//", pmt_zec=" . $totalzec .
+						//", pmt_wc_paid=1 " .
+						//" where pmt_wc_order='" . $orderid . "';";
+						$sql2 = $wpdb->prepare('update zgo_payments set pmt_confirmed = %s, pmt_rate = %f, pmt_zec = %f, pmt_wc_paid = 1 where pmt_wc_order = %s;', date('Y-m-d H:i:s'), $rate, $totalzec, $orderid );
+						$wpdb->query($sql2);	
+
+						//update_option('webhook_debug', $_GET);
+						return array('message' => 'Order '. $orderid . ' mark as paid correctly.');
+						break;
+					default:
+						//$this->console_log('Order ' . $orderid . ' already paid or cancelled...');
+						return array("message" => 'Order ' . $orderid . ' already paid or cancelled...');
+						break;
+					} 
+				} else {
+					//$this->console_log('Invalid parameters...');
+					return array("message" => 'Invalid parameters...');
+				}
+			} else {
+				//$this->console_log('Database error...');
+				return array("message" => 'Database error...');
+			}	
+			//return array( 'custom' => 'Data', "request" => $data->get_params() );
+		}
+
+
 	}
 
 	add_filter( 'woocommerce_payment_gateways', 
@@ -371,3 +446,67 @@ function zgopmtlist_plugin() {
 	$plugin->init();
 
 }
+
+function get_custom($data) {
+	global $wpdb;
+
+	//$token = $_GET['token'];
+	//$zgoOrderid =  $_GET['orderid'];
+	//$orderid = $_GET['wc_orderid'];
+	//$totalzec = $_GET['totalzec'];
+	//$rate = $_GET['rate'];
+	$token = $data->get_param('token');
+	$zgoOrderid = $data->get_param('orderid');
+	$orderid = $data->get_param('wc_orderid');
+	$totalzec = $data->get_param('totalzec');
+	$rate = $data->get_param('rate');
+	$order = wc_get_order( $orderid );
+
+	$sql = $wpdb->prepare('select * from zgo_payments where pmt_wc_order = %s ;', $orderid);
+	//$sql = "select * from zgo_payments where pmt_wc_order = '" . $orderid . "';";
+	$result = $wpdb->get_row($sql,OBJECT);
+	if ( ! is_null($result) ) {
+
+		if ( ($token == $this->zgotoken )
+			&& ( $result->pmt_orderid == $zgoOrderid )
+			&& ( $result->pmt_wc_paid == '0' ) ) {      
+			switch ( $order->get_status() ) {
+			case 'pending':
+			case 'failed':
+				$order->payment_complete();
+				$order->reduce_order_stock();
+				// 
+				//  Mark order as completed in ZGo DB
+				//
+				//$sql = "update zgo_payments set " .
+				//"pmt_confirmed='" . date('Y-m-d H:i:s') . 
+				//"', pmt_rate=" . $rate . 
+				//", pmt_zec=" . $totalzec .
+				//", pmt_wc_paid=1 " .
+				//" where pmt_wc_order='" . $orderid . "';";
+				$sql2 = $wpdb->prepare('update zgo_payments set pmt_confirmed = %s, pmt_rate = %f, pmt_zec = %f, pmt_wc_paid = 1 where pmt_wc_order = %s;', date('Y-m-d H:i:s'), $rate, $totalzec, $orderid );
+				$wpdb->query($sql2);	
+
+				//update_option('webhook_debug', $_GET);
+				break;
+			default:
+				//$this->console_log('Order ' . $orderid . ' already paid or cancelled...');
+				return array("message" => 'Order ' . $orderid . ' already paid or cancelled...');
+				break;
+			} 
+		} else {
+			//$this->console_log('Invalid parameters...');
+			return array("message" => 'Invalid parameters...');
+		}
+	} else {
+		//$this->console_log('Database error...');
+		return array("message" => 'Database error...');
+	}	
+	//return array( 'custom' => 'Data', "request" => $data->get_params() );
+}
+
+function plugin_register_rest_apis() {
+	$zgoPlugin = new WC_ZGopmt_Gateway();
+	$zgoPlugin->register_routes();
+}
+add_action( 'rest_api_init', 'plugin_register_rest_apis');