modules/ec_mvmg/gozabocheckout.module

<?php

// $Id: gozabocheckout.module,v 1.37.2.5.2.1.2.12 2007/03/04 12:05:32 gordon Exp $

/********************************************************************
 * Drupal Hooks
 ********************************************************************/

/**
 * Implementation of hook help().
 */
function gozabocheckout_help($section = 'admin/help#gozabocheckout') {

  switch ($section) {
    case 'admin/ecsettings/gozabocheckout':
      return t('<p>This module splits txns into multiple txns and allows each to be paid seperately. Messy.</p>');
  }
}

/**
 * Implementation of menu_hook()
 */
function gozabocheckout_menu($may_cache) {

  $items = array();

  if ( !$may_cache) {
    global $user;
    // only show this for logged in users in their own account pages...they're going to select their payment gateways
    // also show for admin users
    // access => $user->uid means "uid>0" which in turn means "registered user"
    if ( ( ( ( arg(0) == 'user' && arg(1) == $user->uid ) || ( arg(0) == 'user' && arg(1) == $user->name ) ) && user_access('Configure own payment settings') ) 
         || ( arg(0) == 'user' && user_access('Admin payment settings') ) ) {
      $items[] = array(
          'path'     => 'user/' . arg(1) . '/gozaboconfig',
          'title'    => 'Store Settings',
          'callback' => 'configure_gozabo_settings',
          'type'     => MENU_CALLBACK,
          'access'   => $user->uid,
          'weight'   => 9
      );

    }

    // vendors and admins can see this tab (on the my_account page)
    // access => $user->uid means "uid>0" which in turn means "registered user"
    if ( ( ( ( arg(0) == 'user' && arg(1) == $user->uid ) || ( arg(0) == 'user' && arg(1) == $user->name )) && user_access('manage transactions from own store') )
         || ( arg(0) == 'user' && user_access('admin transactions from any store') ) ) {
      $items[] = array(
        'path' => 'user/' . arg(1). '/vendortxns',
        'title' => t('Orders'),
        'callback' => '_gozabo_show_vendor_transaction_list',
        'type' => MENU_CALLBACK ,
        'access' => $user->uid,
        'weight'  => 10
      );
    }

    // txn editor for vendors
    // access => $user->uid means "uid>0" which in turn means "registered user"
    $items[] = array(
      'path' => 'gozabocheckout/edittxn',
      'title' => t('Gozabo Checkout - Edit Txn'),
      'type' => MENU_CALLBACK,
      'access' => $user->uid,
      'callback' => '_gozabo_edittxn'
    );


    // this one shows the buyer their order history
    // access => $user->uid means "uid>0" which in turn means "registered user"
    $items[] = array(
      'path' => 'gozabocheckout/showtxns',
      'title' => t('Gozabo.com Checkout'),
      'callback' => '_gozabo_show_transaction_list',
      'type' => MENU_CALLBACK ,
      'access' => $user->uid
    );

    // txn cancellation for buyers
    // access for registered users...will check uid vs. mvmgtxnid when we get to the callback.
    $items[] = array(
      'path' => 'gozabocheckout/buyercanceltxn',
      'title' => t('GoZabo Checkout - Cancel Txn'),
      'callback' => '_gozabo_buyer_cancel_txn',
      'type' => MENU_CALLBACK,
      'access' => $user->uid
    );

  // handle our custom payments (using ec_mvmg as a transaction and ec_transaction_product as the goods)
  // supported payment methods come from ec_mvmg_userstore_settings

    // access => $user->uid means "uid>0" which in turn means "registered user"
      $items[] = array(
        'path' => 'gozabocheckout/paypal',
        'title'=> t('Paypal Payment Screen'),
        'type' => MENU_CALLBACK,
        'callback' => 'gozabo_payment_processor_paypal',
        'access' => true
      );

    $items[] = array(
      'path' => 'gozabocheckout/cod',
      'title' => t('Gozabo.com C.O.D. Payment Screen'),
      'callback' => '_gozabo_show_cod_payment_form',
      'type' => MENU_CALLBACK ,
      'access' => true
    );

    // temp function to handle roles upgrade testing
    // also added a function to buyer's order histor to click on for this
    $items[] = array(
      'path' => 'gozabocheckout/ecroles',
      'title' => t('Gozabo.com Roles'),
      'callback' => '_gozabo_roles_processor',
      'type' => MENU_CALLBACK ,
      'access' => true
    );


  }

  if ($may_cache) {
    $items[] = array(
      'path' => 'gozabocheckout/ipn', 
      'title' => t('GozaboCheckout IPN'),
      'callback' => 'gozabocheckout_ipn', 
      'access' => true, 
      'type' => MENU_CALLBACK
    );
    $items[] = array(
      'path' => 'admin/ecsettings/gozabocheckout',
      'title' => 'gozabocheckout',
      'callback' => 'drupal_get_form',
      'callback arguments' => 'gozabocheckout_ec_settings',
      'access' => user_access('administer store'),
      'type' => MENU_NORMAL_ITEM,
      'description' => t('Configuration for the gozabocheckout payment gateway'),
    );
  }
  return $items;
}

function _gozabo_show_cod_payment_form() {
  $output = drupal_get_form('cod_payment_form');
  return $output;
}

function check_parent_txn_for_completion( $mvmgtxnid ) {
  $statement = "SELECT txnid FROM ec_mvmg WHERE mvmgtxnid = $mvmgtxnid";
  $row = db_fetch_array( db_query( $statement ));
  $txnid = $row['txnid'];

  // get status for all ec_mvmg's with txnid = $row['txnid']
  $statement = "SELECT COUNT(*) as thecount FROM ec_mvmg WHERE txnid = " . $txnid . " AND payment_status = 1";
  $row = db_fetch_array( db_query( $statement ));
  if ( !$row['thecount'] ) {
    $statement = "UPDATE ec_transaction SET payment_status=" . payment_get_status_id('payment received') . " WHERE txnid=" . $txnid;
  }
}

function cod_payment_form_submit( $form_id, $form_values ) {
  global $user;
  // 1. set payment status to 7 (payed by not confirmed)
  // 2. deliver info to the seller
  // 3. check the parent txn in ec_transation...if they're all done Pending then update that one t the lowest status number
  // 4. route the user back to their transaction list.

  $mvmgtxnid = arg(2);

  // 1. set payment status to 7 (payed but not confirmed)
  $statement = "UPDATE ec_mvmg SET payment_status=" . payment_get_status_id('payment received') . " WHERE mvmgtxnid=$mvmgtxnid";
  //print $statement;
  $sth = db_query( $statement ) or exit("ERROR WITH $statement");
  
  // 2. deliver info to the seller
  $statement = "
    SELECT
      m.*,
      u.uid AS u_uid,
      u.mail AS u_mail,
      u.name AS u_name
    FROM ec_mvmg m LEFT JOIN users u ON u.uid = m.vendor WHERE mvmgtxnid = $mvmgtxnid
  ";
  //print "<BR>".$statement;
  $mvmg_row = db_fetch_array( db_query( $statement ) ); 
  if ( !isset($mvmg_row['uid']) || $mvmg_row['uid'] != $user->uid ) {
    drupal_set_message("Transaction $mvmgtxnid doesn't belong to you (" . $user->uid . ").",'error');
    return '';
  }
  //print"<PRE>";print_r($mvmg_row);exit;
  $mailbody = "User " . $user->uid . " made a purchase from your GoZabo.com store.  Please login and process the purchase.\n\n";
  if ( $form_values['contact_phone'] == 1) {
    $mailbody .= "If necessary, buyer has requested you contact them by phone at:" . $form_values['phone'] . "\n";
  }
  if ( $form_values['contact_email'] == 1) {
    $mailbody .= "Contact them by email at " . $user->mail . "\n";
  }
  if ( $form_values['message'] ) {
    $mailbody .= 'The buyer has also left you the following note: ' . $form_values['message'] . "\n";
  }
  drupal_mail("codpayment_$mvmgtxnid",$mvmg_row['u_mail'],"GoZabo.com: COD Payment for Transaction $mvmgtxnid",$mailbody,$user->mail);

  // 3. check the parent txn in ec_transation...if they're all done Pending then update that one t the lowest status number
  check_parent_txn_for_completion( $mvmgtxnid );

  // 3 & 1/2. Product api hook to allow for inventory mgmt (and other fun stuff)
  drupal_set_message("Message delivered.  The seller will contact you shortly.");
  _gozabo_completion_callback( $mvmgtxnid );

  // 4. route the user back to their transaction list.
  drupal_goto('gozabocheckout/showtxns');
}

function cod_payment_form() {
  // C.O.D. payment requires that the user confirms their desire to buy with an email to the vendor
  // after that, it's as simple as updating the status to 7 (payed but not confirmed)
  global $user;

  $mvmgtxnid = arg(2);

  // print "<PRE>"; print_r( $user ); print "</pre>"; exit;

  // first off make sure that the user calling this page is the user who owns the mvmgtxn
  // die if not
  $mvmg_row = db_fetch_array( db_query( "SELECT * FROM ec_mvmg WHERE mvmgtxnid = $mvmgtxnid " ) ); 
  if ( !isset($mvmg_row['uid']) || $mvmg_row['uid'] != $user->uid ) {
    drupal_set_message("Transaction $mvmgtxnid doesn't belong to you (" . $user->uid . ").",'error');
    return '';
  }

  $form['#redirect'] = FALSE;
  $form['pretext'] = array(
    '#prefix' => '<h1>C.O.D. Payment</h1><P>Transaction ID: mvmg' . $mvmgtxnid . '</p><P>',
    '#value'  => 'The C.O.D. method of payment requires that you contact the seller to arrange payment.  Please fill out the form below.  <strong>All fields are required.</strong>',
    '#suffix' => '<P>'
  );

  // for confirmation 
  /* UPDATE: dont' even need this stuff...
  $form['buyer_uid'] = array(
    '#type' => 'value',
    '#value' => $user->uid
  );

  $form['buyer_email'] = array(
    '#type' => 'value',
    '#value' => $user->mail
  );

  $form['seller_uid'] = array(
    '#type' => 'value',
    '#value' => $mvmg_row['vendor']
  ); */

  $form['message'] = array(
      '#type' => 'textarea',
      '#title' => t('Message to seller'),
      '#cols' => 45,
      '#rows' => 5,
      '#description' => t('Please include instructions to the seller here.'),
  );

  $form['contact_phone'] = array(
    '#type' => 'checkbox',
    '#title' => 'Seller may contact me by phone',
  );

  $form['phone'] = array(
    '#type' => 'textfield',
    '#title' => 'Your phone number',
    '#size' => 30,
    '#maxlength' => 64,
    '#description' => '(optional)'
  );

  $form['contact_email'] = array(
    '#type' => 'checkbox',
    '#title' => 'Seller may contact me by email',
  );

  $form['submit'] = array(
    '#type' => 'submit',
    '#value' => 'Submit'
  );

  return $form;

}

function configure_gozabo_settings() {
  $output = drupal_get_form('gozabo_store_settings');
  return $output;
}

function gozabo_store_settings_submit( $form_id, $form_values ) {
  global $user;

 //print "<PRE><h1>form values:</h1>";print_r($form_values);print "<HR>";print_r($user);print "</pre>";exit;

  // insert or update?
  $statement = "SELECT COUNT(*) AS thecount FROM {ec_mvmg_userstore_settings} WHERE uid = %d";
  $sth = db_query( $statement, $user->uid );
  $result = db_fetch_object( $sth );

  if ( $result->thecount > 0  ) {
    // update this record
    $statement = "UPDATE ec_mvmg_userstore_settings 
                  SET 
                    paypal_enabled = " . $form_values['paypal_enabled'] . ", 
                    cod_enabled = " . $form_values['cod_enabled'] . ", 
                    receiver_email='" . $form_values['receiver_email'] . "', 
                    currency='" . $form_values['currency']  . "', 
                    ipn_debug='" . $form_values['ipn_debug'] . "' 
                  WHERE uid = " . $user->uid;
    //print $statement;exit;
    if ( ! db_query( $statement ) ) {
      drupal_set_message('Error with db_query:' . db_error()  .'<HR>$statement','error');
    };
    
    drupal_set_message('The updates to your settings have been saved.');
  }
  else {
    // insert a new record
    $statement = "INSERT INTO {ec_mvmg_userstore_settings} (uid,paypal_enabled,cod_enabled,receiver_email,currency,ipn_debug) VALUES (".$user->uid.",".$form_values['paypal_enabled'].",".$form_values['cod_enabled'].",'" . $form_values['receiver_email'] . "','" . $form_values['currency'] . "','" . $form_values['ipn_debug'] . "')";
    //print $statement;exit;
    if ( ! db_query( $statement) ) {
      drupal_set_message('Error with db_query:' . db_error() ,'error');
    };
    drupal_set_message('Your GoZabo store settings have been stored for the first time');
  }
}

function gozabo_store_settings() {
  global $user;
  $g = array();

  $statement = "SELECT * FROM ec_mvmg_userstore_settings WHERE uid = %d";
  $sth = db_query( $statement, $user->uid );
  if ( db_num_rows( $sth ) ) {
    $g = db_fetch_array( $sth );
  }
  /* else {
    drupal_set_message("This is your first time on this form.  Please read the options and instructions carefully.");
  } */
  
  // set our default values
  if ( !isset( $g['uid'] ) ) { $g['uid'] = $user->uid; }
  if ( !isset( $g['paypal_enabled']  ) ) { $g['paypal_enabled'] = 0; }
  if ( !isset( $g['cod_enabled']  ) ) {  $g['cod_enabled'] = 0; }
  if ( !isset( $g['receiver_email']  ) ) {  $g['receiver_email']  = $user->mail; }
  if ( !isset( $g['currency']  ) ) {  $g['currency']= 'USD'; }
  if ( !isset( $g['ipn_debug']  ) ) {  $g['ipn_debug'] = 'Enabled'; }
  //drupal_set_message( "<PRE>" . sprint_r($g) . "</pre>" );

	$form['#redirect'] = FALSE;

  $form['pretext'] = array(
		'#prefix' => '<div id="gzpaypal_form_prefix_text">',
		'#value'  => '<P>Please select payment methods you will accept.</p>
                  <P><strong>IMPORTANT NOTE:</strong> If you are enabling paypal, you must first setup and configure a paypal account 
                  with Instant Payment Notification. </p>
                  <P>How do I add the IPN link to my PayPal Account?:  Go to your PayPal profile (at <a href="http://www.paypal.com/">paypal.com</a>) 
                  under "selling preferences" and then click on the <i>"Instant Payment Notification"</i> link.   There you should enter 
                  an IPN URL of http://www.gozabo.com/gozabocheckout/ipn/' . $user->uid , 
		'#suffix' => '</div>'
  );

  // declare a fieldset for paypal settings..collapse if paypal is disabled
  $form['paypal'] = array(
    '#type' => 'fieldset',
    '#title' => 'Paypal Gateway Settings',
    '#collapsible' => TRUE,
  );
  //if ( $g['paypal_enabled'] ) {
    $form['paypal']['#collapsed'] = FALSE;
  //}
  //else {
    //$form['paypal']['#collapsed'] = TRUE;
  //}

  $options = array('1' => t('Yes'), '0' => t('No'));
  // are we using paypal at all?
  $form['paypal']['paypal_enabled'] = array(
    '#type' => 'radios',
    '#title' => t('Accept Payments through Paypal?'),
    '#default_value' =>  $g['paypal_enabled'],
    '#options' => $options,
    '#description' => t('If you have a standard paypal account and wish to accept payments using that method, select "Yes." Please <a href="http://www.paypal.com/">open your Paypal account</a> <i>before</i> enabling this payment method.'),
  );

  // who gets the emails upon receipt?  Should be me but might be something/someone else.
  $form['paypal']['receiver_email'] = array(
    '#type' => 'textfield',
    '#title' => t('Receiver Email'),
    '#default_value' => $g['receiver_email'],
    '#size' => 30,
    '#maxlength' => 255,
    '#description' => t('Primary email address of the payment recipent. This is also your main paypal email address.'),
  );

  // this url is provided by Paypal
  /*  THESE 4 fields are hard-coded for gozabo.com
  $form['paypal']['processing_url'] = array(
    '#type' => 'textfield',
    '#title' => t('PayPal processing URL'),
    '#description' => t('URL of the secure payment page customers are sent to for payment processing.'),
    '#default_value' => $g['processing_url'],
    '#size' => 30,
    '#maxlength' => 255,
  );

  // where do we send them after payment? (back to their order history, thank you very much)
  // make this hidden after testing...
  $form['paypal']['post_payment_url'] = array(
    '#type' => 'textfield',
    '#title'=> t('Post Payment URL (user should NOT CHANGE THIS)'),
    '#default_value' => 'gozabocheckout/cleartxn',
  );

  // what if they cancel mid-stream?
  // hidden, sends them to their order history.
  $form['paypal']['post_cancel_url'] = array(
    '#type' => 'hidden',
    '#value' => 'gozabocheckout/showtxns'
  );

  // IPN url for paypal requestback payments
  // this TOO should be hidden and include the uid
  $form['paypal']['ipn_url'] = array(
    '#type' => 'textfield',
    '#title' => t('IPN URL'),
    '#default_value' => 'http://www.paypal.com/cgi-bin/webscr'
  ); 
  */

  $currency_codes = array(
    'USD' => 'USD - U.S. Dollars',
    'EUR' => 'EUR - Euros',
    'AUD' => 'AUD - Australian Dollars',
    'CAD' => 'CAD - Canadian Dollars',
    'GBP' => 'GBP - Pounds Sterling',
    'JPY' => 'JPY - Yen',
    'NZD' => 'NZD - New Zealand Dollar',
    'CHF' => 'CHF - Swiss Franc',
    'HKD' => 'HKD - Hong Kong Dollar',
    'SGD' => 'SGD - Singapore Dollar',
    'SEK' => 'SEK - Swedish Krona',
    'DKK' => 'DDK - Danish Krone',
    'PLN' => 'PLN - Polish Zloty',
    'NOK' => 'NOK - Norwegian Krone',
    'HUF' => 'HUF - Hungarian Forint',
    'CZK' => 'CZK - Czech Koruna'
  );
  
  $form['paypal']['currency'] =  array( 
    '#type' => 'select', 
    '#title' => t('Currency code'),
    '#default_value' => $g['currency'],
    '#options' => $currency_codes, 
    '#description' => t('The currecy code that PayPal should process the payment in.'),
  );
  $form['paypal']['ipn_debug'] =  array( 
    '#type' => 'radios', 
    '#title' => t('Debug Instant Payment Notification (IPN)'), 
    '#default_value' => $g['ipn_debug'],
    '#options' => array(t('Disabled'), t('Enabled')),  
    '#description' => t('If enabled, you\'ll receive an email whenever IPN is activated on your site.')	
  );
  /* $form['paypal']['min_amount'] =  array( 
    '#type' => 'textfield', 
    '#title' => t('Minimum purchase amount'),
    '#default_value' => variable_get('gozabocheckout_min_amount', '5.00'), 
    '#size' => 10, 
    '#maxlength' => 10, 
    '#description' => t('What is the minimum amount an user must purchase for when checking out with Paypal?')	
  ); */


  // cod requiers very few settings. :)
  $form['cod_enabled'] = array(
    '#type' => 'radios',
    '#title' => t('Accept C.O.D. / User-Negotiated Payment?'),
    '#default_value' =>  $g['cod_enabled'],
    '#options' => $options,
    '#description' => t('If you wish to be contacted by the buyer who can setup manual payment, please select "Yes."  This is a simple way to get your store up and running as it requires no special settings.'),
  );

	$form['submit'] = array (
		'#type' => 'submit',
		'#value' => 'Save Settings'
	); 

  //drupal_set_message("<PRE>".sprint_r($form)."</pre>");

  return $form;
}

function gozabocheckout_perm() {
	return array('Configure own payment settings','Admin payment settings','manage transactions from own store','admin transactions from any store');
}


function gozabocheckout_paymentapi(&$txn, $op, $arg = '') {
  switch ($op) {
    case 'display name':
      return t('GoZaboCheckout');

    case 'on checkout':
      //print "<H1>ah ha</h1>";exit;
      gozabocheckout_verify_checkout($txn);
      break;

    case 'payment page':
      // now we have a full txn (cart is empty) and it's time to start hackin'
      $owner_sorted_txn = _gozabo_txn_to_owners( $txn );
  
	    //STRATEGY:
	    //1) Let it store the txn, use our custom payment method to create new mini-transactions in ec_mvmg_* tables (copy the address from the main one)
	    _gozabo_txn_create( $owner_sorted_txn, $txn );
	    //2) Need the parent txn id as a state variable so that we know which txns to show the user who is purchasing right now
	    //3) Use the parent txn id as a key against our mini txns and show them all (with status and approved payment methods)
	    //4) Process individual mini txns, alter their status, when all are marked "cleared" (or whatever) set the parent to completed as well 

	    //NOTE:If you want to debug better, comment out the code in cart.module->cart_empty()
      //      ...then your cart's never empty and you can keep on going to the payment page. :)

      //print "<PRE><H1>ORIGINAL TXN:</h1>\n"; print_r($txn);print"\n<H1>OWNER OBJECT:</h1>\n\n\n";print_r($owner_sorted_txn);exit;

      // this is from the original paypal module...basically it says "Hey, if they owe $, send them off to handle it...."
      // because this sends the full txn over, we have all we need to complete steps 2-4 from the strategy above.

      _gozabo_show_transaction_list();
      break;
    }
}

function _gozabo_show_transaction_list() {
  global $user;

  $output = '';
  //$output .= "<PRE>" . sprint_r( $GLOBALS ) . "</PRE>";
  // this function pulls all ec_mvmg transactions that exist, merges them with vendor info (and available payment gateways for those specific vendors)
  // then it allows you to 

  //sometimes this function is called from a url (gozabocheckout/showtxns) and sometimes from a functioncall in the payment api
  // behave slightly differently based on that.
  $expand_these = array();
  // fuggaduboutid...expand unfinished txns all the time lest we confuse the populace
  //if ( arg(0) == 'cart' ) {
    // in all other cases, expand none
    // in this case expand those transactions that are unpaid (payment_status=1)
    //you get a full list of payment status values from payment_build_status()
    $expand_these =  _get_mvmgtxnids('1',$user->uid);
  //}

  //inefficient....just did a full select against this table with similar criteria.
  $statement ="SELECT * FROM ec_mvmg WHERE uid = $user->uid ORDER BY payment_status, vendor, created DESC" ;
  //drupal_set_message("$statement");
  $sth = db_query($statement ) or exit("ERROR WITH $statement");

  $title = 'You have ' . db_num_rows( $sth ) . ' transactions in the system. ';

  $output .= "<table class='mvmg_txn_table'>";
  $output .= "<TR><TH></th><TH>Order #</tH><TH>Date</th><TH>Vendor</th><TH>Status</th></tr>";

  $current_status='';

  drupal_add_css( drupal_get_path('module','gozabocheckout') . '/gozabocheckout.css');
  drupal_add_js( drupal_get_path('module','gozabocheckout') . '/gozabocheckout.js');

  while ( $row = db_fetch_array( $sth ) ) {
    $output .= "<TR class='gozabo_showhide_row'>";
    $output .= "<TD><a href='#' class='showhide'>Show/Hide</a></td>\n";
    $output .= '<TD>' . $row['mvmgtxnid'] . '</td>';
    $output .= "<TD style='white-space: nowrap;'>" . format_date( $row['created'],'short' ) . "</td>\n";
    $output .= "<TD>" . _gozabo_vendor_name( $row['vendor'] ) . "(" . $row['vendor'] . ")</td>\n";
    $output .= "<TD>" . payment_get_status( $row['payment_status'] ) . "</td>\n";
    // not showing grss because we haven't calc'ed it yet. :)
    // $output .= "<TD>$" . $row['gross']. "</td>\n</tr>\n";
    if ( isset( $expand_these[ $row['mvmgtxnid'] ] ) ) {
      // expand this now...
      $output .= "<TR class='details showing'><TD colspan=5>" . _gozabo_mvmg_details( $row['mvmgtxnid'], $row['payment_status'] ) . "</td></tr>\n";
    }
    else {
      $output .= "<TR class='details'><TD colspan=5>" . _gozabo_mvmg_details( $row['mvmgtxnid'], $row['payment_status'] ) . "</td></tr>\n";
    }
  }

  $output .= '</table>';


  $the_box = theme_box($title,$output,'main');
  print theme('page', $the_box );

  exit;
}

function _gozabo_vendor_name( $uid ) {
  $statement = "SELECT name FROM users WHERE uid=$uid";
  $sth = db_query( $statement );
  $row = db_fetch_array( $sth );
  return $row['name'];
}

function _gozabo_sku_getter($nid) {
  $statement =  "SELECT sku FROM ec_product WHERE nid = $nid " ;
  $prod = db_fetch_array( db_query($statement) );
  //drupal_set_message("<PRE>$statement</pre>");
  //drupal_set_message("<PRE>" . sprint_r($prod) . "</pre>");
  return $prod['sku'];
}

function _gozabo_mvmg_detail_query( $mvmgtxnid ) {
  $statement = "
   SELECT
      m.mvmgtxnid,
      m.txnid AS m_txnid,
      m.txnid AS txnid,
      m.uid AS purchaser_uid,
      m.vendor AS vendor_uid,
      m.prod,
      m.payment_status,
      m.payment_date,
      tp.nid,
      tp.title,
      tp.price,
      tp.qty,
      tp.data,
      tp.txnid AS tp_txnid
      ,node.uid
      ,users.name 
    FROM ec_mvmg m, 
         ec_transaction_product tp, 
         node, 
         users 
    WHERE 
        m.mvmgtxnid = $mvmgtxnid 
        AND tp.txnid = m.txnid 
        AND node.nid = tp.nid 
        AND users.uid = node.uid 
        AND users.uid = m.vendor  "; // //$returner .= '<PRE>' . $statement . '</PRE>';

  $sth = db_query( $statement );

  //watchdog('gozabocheckoug',"DETAILs: $mvmgtxnid<BR><PRE>$statement</pre>");
  if ( ! db_num_rows( $sth ) ) {
    watchdog('gozabocheckout',"ZERO ROW DETAIL REQUEST $mvmgtxnid<P>Statement returned zero rows.  That means a vendor and a purchaser have an error showing up because of the following: \n<PRE>$statement</pre>");
  }

  return $sth;
}

function _gozabo_mvmg_details( $mvmgtxnid,$status=0,$showops=1 ) {
  // so the mvmgtxnid we were passed is either our purchase or our sale.
  // determine which
  global $user;
  $returner = '<BR>';
  $sth = _gozabo_mvmg_detail_query( $mvmgtxnid );
  if ( ! db_num_rows( $sth ) ) {
    // this happens when the product is deleted ... transactions aren't 
    // removed upon product deletion, because transactions aren't removed, 
    // ec_mvmg doesn't get updated either.
  
    // what were the products supposed to be?
    $temp = db_fetch_array( db_query( "SELECT prod FROM ec_mvmg WHERE mvmgtxnid = $mvmgtxnid "));
    if ( isset( $temp['prod'] ) ) {
      drupal_set_message("Transaction ec_mvmg.$mvmgtxnid is corrupt (no products sold, looking for products: " . $temp['prod'] . ").",'error');
    }
    else {
      drupal_set_message("Transaction ec_mvmg.$mvmgtxnid is corrupt (no transaction record found).",'error');
    }

    return '<strong>Broken Transaction.</strong>   <P>Please contact customer service.  this error usually appears because the product(s) making up this transaction have been deleted from the system</p><P>It is probably ok to remove this transaction from the system.</p>';

    // debugging here...txn exists but no products?!
    // MENTAL NOTE: CHANGING OWNER (NODE.UID) OF A PRODUCT BREAKS EC_MVMG
    /* 
    $statement = "SELECT txnid FROM ec_mvmg WHERE mvmgtxnid = $mvmgtxnid";
    $temp_sth = db_query( $statement );
    $temp_row = db_fetch_array( $temp_sth );
    drupal_set_message("Perhaps it's a role-based purchase?  
                        Try again without ec_transaction_product<PRE>" . 
                        sprint_r( store_transaction_load( $temp_row['txnid'] ) ) . "</pre>");
    */
  }
  $counter=0;
  $subtotal = 'err';
  $first_row = array();
  while ($row = db_fetch_array( $sth ) ) {
    if ( $counter == 0 ) {
      // first pass....
      $subtotal = _gozabo_store_transaction_calc_gross( $row );
      $first_row = $row;
    }
    $this_gross = $row['price'] * $row['qty'];
    $returner .= "<div class='gozabo_txn_product_row'>" . $row['title'] . ' ($' . $row['price'] . ' x ' . $row['qty'] . ' = $' . number_format($this_gross,2) . ') - SKU: ' . _gozabo_sku_getter($row['nid']) . '</div>';
    $counter++;
  }
  $returner .= "<div class='gozabo_txn_total_text'>TOTAL: $" . number_format($subtotal,2) . "</div>";

  // need this stuff later....
  $row = $first_row;


  // so who are we?  purchaser or vendor?
  if ( $user->uid == $row['vendor_uid'] ) {
    //drupal_set_message('You are the vendor!');
    // vendors want to see the status (which shows in the parent table) and have options to change the status, message their buyers
    $returner .= "<BR>Operations: [ <a href='" .url("gozabocheckout/edittxn/$mvmgtxnid") . "'>View/Ship/Edit</a> | <a href='" .url('user/' . $row['purchaser_uid'] .'/contact') . "'>Contact Purchaser</a> ]\n";
    
  }
  elseif ($user->uid == $row['purchaser_uid'] ) {
    //drupal_set_message('You are the purchaser!');
    // they need to pay...show choices, act accordingly
    if ( $status == 1 ) {
      // get the seller's settings
      $store_settings = _gozabo_userstore_settings_retrieve( $mvmgtxnid );
      $returner .= '<div class="gozabo_payment_buttons"><h4>Pay Now (select method): </h4>';
  
      // figure out available payment methods
      $payment_methods = array();
      if ( isset( $store_settings['paypal_enabled'] ) && $store_settings['paypal_enabled'] == 1 ) {
        $payment_methods[] =  "<a onclick='return confirm(\"You will now leave GoZabo.com to process your payment at Paypal.com\")' href='" . url("gozabocheckout/paypal/$mvmgtxnid") . "'><img src='/sites/all/modules/custom/ec_mvmg/img/paypalbutton.gif' alt='Paypal Payment'></a>";
      }
      if ( isset( $store_settings['cod_enabled'] ) && $store_settings['cod_enabled'] == 1 ) {
        //$payment_methods[] =  "<a id='$mvmgtxnid' class='cod_form_show' href='#'>C.O.D.</a>";
        $payment_methods[] =  "<a href='" . url("gozabocheckout/cod/$mvmgtxnid") . "'><img src='/sites/all/modules/custom/ec_mvmg/img/CODbutton.gif' alt='COD Payment'></a>";
      }
  
      $returner .= join('&nbsp;', $payment_methods);
      $returner .= "</div>";
  
    }
    // they've already paid, show status
    else {
      $returner .= "<div class='gozabo_status_text'>Status = " . payment_get_status( $row['payment_status'] ) . "</div>";
    }
    if ( $showops ) {
      //$returner .= "<BR>Operations: [ ";
      $returner .= "<div class='gozabo_buyer_ops_list'>";
      //if ( $user->name == 'testbuyer' ) {
        //$returner .= "<a href='" . url('gozabocheckout/ecroles/' . $row['mvmgtxnid'] ) . "'>Secret Button</a> | ";
      //}
      $returner .= "<a href='" . url('user/' . $row['vendor_uid'] . '/contact') . "'>Contact Seller</a>";

      // only allow cancelation of pending txns
      if ( payment_get_status_id('pending') == $row['payment_status'] ) {
        $returner .= " | <a href='" . url('gozabocheckout/buyercanceltxn/' . $mvmgtxnid ) . "'>Cancel Transaction</a>";
      }

      $returner .= "</div>";
    }
  }
  else {
    drupal_set_message('There is a problem.  You are user ' . $user->uid . ' but that is not the vendor (' . $row['vendor_uid'] . ') or purchaser (' . $row['purchaser_uid'] . ') of this transaction! Please contact customer support.<PRE>' . sprint_r($row) . "</pre>",'error');
    return '';
  }

  $returner .= "<BR><BR>";
  return $returner;

}

function _gozabo_userstore_settings_retrieve( $mvmgtxnid ) {
  $statement = "SELECT * FROM ec_mvmg_userstore_settings LEFT JOIN ec_mvmg ON ec_mvmg.vendor = ec_mvmg_userstore_settings.uid WHERE ec_mvmg.mvmgtxnid = $mvmgtxnid";
  $sth = db_query( $statement );
  $result = db_fetch_array( $sth );
  //drupal_set_message( "$statement<BR><PRE>" . sprint_r( $result ) . "</pre>");
  return $result;
}

function _get_mvmgtxnids($status,$uid) {
  $sth = db_query( "SELECT mvmgtxnid FROM ec_mvmg WHERE uid = $uid AND payment_status = $status ORDER BY payment_status, created DESC" );
  $return_list = array();
  while ( $row = db_fetch_array( $sth ) ) {
    $return_list[ $row['mvmgtxnid'] ] = 1;
  }
  return $return_list;
}

/**
 * Implementation of hook_ec_transactionapi().
 */
function gozabocheckout_ec_transactionapi(&$txn, $op, $a3 = NULL, $a4 = NULL) {
  if ($txn->payment_method != 'gozabocheckout') return NULL;
  switch ($op) {
    case 'load':
      $txn->payment = db_fetch_object(db_query("SELECT * FROM {ec_mvmg} WHERE txnid = %d", $txn->txnid));
      break;
    case 'insert':
    case 'update':
      gozabocheckout_save($txn);
      break;
    case 'delete':
      gozabocheckout_delete($txn);
      break;
  }
}

function gozabocheckout_verify_checkout($txn) {
  $estimate = store_transaction_calc_gross($txn);
  if (variable_get('gozabocheckout_min_amount', '5.00') > $estimate) {
    form_set_error('gross', t('Your purchase total must be at least %min-purchase-amount for Paypal purchases.', array('%min-purchase-amount' => payment_format(variable_get('gozabocheckout_min_amount', '5.00')))));
  }
}

function gozabocheckout_delete($txn) {
  db_query('DELETE FROM {ec_gozabocheckout} WHERE txnid = %d', $txn->txnid);
}

function gozabocheckout_save($txn) {
  //print"<h1>in checkoutapi</h1>TXNID: ".$txn->txnid."<BR>PPID: ".$txn->ppid."<PRE>";print_r($op);print "<HR>";
  /* print_r($txn); */

  if ($txn->txnid && $txn->ppid) {

    if (db_result(db_query("SELECT COUNT(txnid) FROM {ec_gozabocheckout} WHERE txnid = '%s'", $txn->txnid))) {
      db_query("UPDATE {ec_gozabocheckout} SET ppid = '%s', fee = '%s' WHERE txnid = '%d'", $txn->ppid, $txn->fee, $txn->txnid);
    }
    else {
      db_query("INSERT INTO {ec_gozabocheckout} (txnid, ppid, fee) VALUES (%d, '%s', '%s')", $txn->txnid, $txn->ppid, $txn->fee);
    }
  }

  //print "<PRE><H1>HERE WE ARE...having saved not a damn thing....</h1>";

  // let's see if we can create the multiple invoices here....kkkkkkkkkkkkkkk
  #print"<HR>";print_r( $txn->items );print "<HR>";

  // loop the list of products and re-organize them by vendor.
  // $owners = array();
  // foreach ( array_keys( $txn->items ) as $nid ) {
	  // $items[$nid] = node_load( $nid );
	  // $owners[ $items[$nid]->name ][] = $items[$nid];
  // }
// 
  // print"<HR><h1>OWNER DATA</h1>\n";
  // print_r( $owners );
  //exit; 

	//$owners = _gozabo_txn_to_owners($txn);

  // HERE

}

function gozabocheckout_ipn() {
  watchdog('IPN', "POST VAR:<PRE> " . sprint_r($_POST) . "</pre>" );
  $debug = "PayPal IPN Results\n";
  $debug .= "==================\n";
  $debug .= "Paypal says....\n<PRE>" . sprint_r($_POST) . "</pre>";

  // what this basically does:
  /*
   * 1) Receive a post from PAYPAL
   * 2) immediately post it back to PAYPAL(?)
   * 3) Paypal returns a status
   * 4) we act accordingly
   */

   /* step 1...paypal sends us a txnid (ec_mvmg.mvmgtxnid)
    * get the settings for that userstore so that we know who's who here.
    */

  $has_txn_key = false;
  $mvmgtxnid = 0;
  $i = array();
  /* Read the post from PayPal system and add 'cmd' */
  $req = 'cmd=_notify-validate';

  $debug=preg_replace("/\n/",'<BR>',$debug);
  //watchdog('IPN', $debug);;

  ksort($_POST); //easier for debugging
  // getting ahold of different items
  // $i = item array
  foreach ($_POST as $key => $value) {

    $debug .= "$key = $value\n";
    $debug = preg_replace("/\n/",'<BR>',$debug);
    //watchdog('IPN keyval', $debug);;

    if (strstr($key, 'item_number')) {

      if (strstr($value, 'txnid_')) {
        $mvmgtxnid = substr($value, strlen('txnid_'));
        $has_txn_key = true;
        $debug .= t("A MVMG Transaction ID exists and is #%key\n", array('%key' => $mvmgtxnid));
      }

      $i[substr($key, strlen('item_number'))] = $mvmgtxnid;
    }
    elseif (strstr($key, 'quantity')) {
      $quantity[substr($key, strlen('quantity'))] = $value;
    }
    elseif (strstr($key, 'item_name')) {
      $name[substr($key, strlen('item_name'))] = $value;
    }

    $value = urlencode(stripslashes($value));
    $req .= "&$key=$value";
  }
  $debug=preg_replace("/\n/",'<BR>',$debug);
  //watchdog('IPN Post Parse', $debug);;
  watchdog('IPN', "SORTED KEYS:<BR>".join("<BR>",$i) );;

  if ($mvmgtxnid) {
    $message = "IPN hit for $mvmgtxnid";
    watchdog('IPN', $message);
  }
  else {
    watchdog('IPN', t('ERROR. EXIT!<BR>IPN hit, no transaction ID given! All sorts of problems will ensue.'));
    exit;
  }

  // ok, right here we have at mvmgtxnid, get the  info for this particular transaction from the database (need receiver email, specifically)
  $statement = "SELECT  g.receiver_email FROM ec_mvmg LEFT JOIN ec_mvmg_userstore_settings AS g ON g.uid = ec_mvmg.vendor WHERE ec_mvmg.mvmgtxnid = $mvmgtxnid";
  watchdog("IPN","RECEIVER EMAIL SELECTION SQL<BR>$statement");
  $row = db_fetch_array( db_query( $statement ));
  $real_receiver_email = $row['receiver_email'];

  $has_shippable_item = false;
  foreach($i as $key => $value) {
    $pp_item = new StdClass();
    $pp_item->nid = $value;
    $pp_item->qty = $quantity[$key];
    $pp_item->title = $name[$key];
    $pp_item->price = null;

    if (product_is_shippable($pp_item->nid)) {
      $has_shippable_item = true;
    }

    $item[] = $pp_item;
  }

  /* Post back to PayPal system to validate */
  $ipnrb = parse_url('https://www.paypal.com/cgi-bin/webscr');
   if ($ipnrb['scheme']=='http') {
    $port= 80;
    $host=$ipnrb['host'];
  }
  else {
    $port= 443;
    $host="ssl://{$ipnrb['host']}";
  } 
  //$port = 443;
  //$host = "ssl://www.paypal.com/cgi-bin/webscr";

  $header = "POST {$ipnrb['path']} HTTP/1.0\r\n";
  $header .= "Host: {$ipnrb['host']}:$port\r\n";
  $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
  $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
  $fp = fsockopen($host, $port, $errno, $errstr, 30);

  /* Assign posted variables to local variables */
  $payment_status = $_POST['payment_status'];
  $fee            = $_POST['payment_fee'];
  $payment_amount = $_POST['mc_gross'];
  $ppid           = $_POST['txn_id'];
  $paypal_receiver_email = $_POST['receiver_email'];
  watchdog('IPN',"Paypal Acct Email = $paypal_receiver_email");
  watchdog('IPN',"Receiver email = $real_receiver_email");
  if ( $paypal_receiver_email == $real_receiver_email  ) {
    watchdog ('IPN','EMAILS are EQUAL.');
  }
  else {
    watchdog ('IPN','EMAILS NOT EQUAL. IPN WILL FAIL.');
  }

  if (!$fp) {
    // HTTP ERROR
    $debug .= t("An HTTP error occurred\n");
    watchdog('IPN','An HTTP error roccured trying to post to Paypal');
  }
  elseif ($ppid && $has_txn_key) { // We can't do much without a txn_id so the else below dies
    watchdog('IPN','doing fputs');
    fputs ($fp, $header . $req);
    while (!feof($fp)) {
      $res = fgets ($fp, 1024);
      watchdog('IPN',"res = $res<BR>paypal email = $paypal_receiver_email<BR>real receiver email = $real_receiver_email");
      watchdog('IPN',"0 = good...strcmp=" . strcmp( $res,'VERIFIED'));
      if (strcmp ($res, 'VERIFIED') == 0 && $paypal_receiver_email == $real_receiver_email ) {

        $debug .= t("PayPal has verified the transaction\n");
        watchdog('IPN', t("PayPal has verified the transaction"));

        $data['gross']          = $payment_amount;
        $data['fee']            = $fee;
        $data['payment_method'] = 'gozabocheckout';
        $data['payment_status'] = payment_get_status_id($payment_status);
        $data['ppid']           = $ppid;

        if ($has_txn_key) {
          $data['txnid'] = $mvmgtxnid;
        }
        else {
          $data['billing_firstname']  = $_POST['address_first_name'];
          $data['billing_lastname']   = $_POST['address_last_name'];
          $data['billing_street1']    = $_POST['address_street'];
          $data['billing_city']       = $_POST['address_city'];
          $data['billing_state']      = $_POST['address_state'];
          $data['billing_zip']        = $_POST['address_zip'];
          //$data['billing_country']    = store_get_country_id($_POST['address_country']);
          $data['billing_country']    = 'us';
          $data['items']              = $item;
          $data['uid']                = db_result(db_query("SELECT uid FROM {users} WHERE mail = '%s'", $_POST['payer_email']));
        }
        ksort($data);
        $debug .= "\nData being sent to store_transaction_save:\n===================================\n";
        foreach ($data as $key => $value) {
          $debug .= "$key = $value\n";
        }
        $debug .= "\n";

        // nothing is ever new...we're shoving ppid (paypal's txnid) into the ec_mvmg table
        // however we're also (below) going to always send an invoice email to the customer
        //$is_new = (db_result(db_query('SELECT COUNT(txnid) FROM {ec_gozabocheckout} WHERE ppid = %d', $ppid))) ? false : true;
        $is_new = 0;

        switch (strtoupper($payment_status)) {
          /* if referring to an initial purchase, this means the payment has
             been completed and the funds are successfully in your account
             balance. If referring to a reversal (i.e. txn_type= reversal ),
             then it means the reversal has been completed and funds have been
             removed from your account and returned to the customer */
          case 'COMPLETED':
              watchdog('IPN', t("PayPal status completed"));
              $data['payment_status'] = payment_get_status_id('completed');
              watchdog('IPN','Now, update status in ec_mvmg...');
              // If there are no shippable items, assume the transaction workflow is complete.
              // gozabo don't do shippin
              //if (!$has_shippable_item) {
                //$data['workflow'] = 6;
              //}

              // they were saving to the main ec_transaction table....
              // that serves no purpose here as we're avoiding the use of that table.
              // for that reason, we're doing to update our own table with those items from $data that matter
              //$txnid = store_transaction_save($data);

              // update and email
              _gozabo_transaction_status_update( $mvmgtxnid, $data['payment_status'] );
              watchdog('IPN','Now, email a notification.');
              _gozabo_transaction_emailer( 'confirmed', $mvmgtxnid, $data['payment_status'] );
              watchdog('IPN','Emailed.');
              
              // internal function to manage things like inventory through hook_productapi()
              // we call this same thing when a cod completes too
              _gozabo_completion_callback( $mvmgtxnid );
              watchdog("IPN","PRODUCT API FINISHED");

              // hook back to ec_roles
              _gozabo_roles_processor( $mvmgtxnid );
              watchdog("IPN","ROLES PROCESSOR FINISHED");


            break;

          /* The payment is pending; the pending_reason variable will give you
             more information. Note: You will receive another Instant Payment
             Notification when the payment becomes "Completed", "Failed", or "Denied" */
          case 'PENDING':
              watchdog('IPN', t("PayPal status pending"));
            // we already set stuff to pending.... email the user that it's not completed yet so that they know.
            $data['payment_status'] = payment_get_status_id('pending');
            _gozabo_transaction_status_update( $mvmgtxnid, $data['payment_status'] );
            //$txnid = store_transaction_save($data);
            _gozabo_transaction_emailer( 'pending', $mvmgtxnid, $data['payment_status'] );
            break;

          /* The payment has failed. This will only happen if the payment was
             made from your customer's bank account */
          case 'FAILED':
              watchdog('IPN', t("PayPal status failed"));
            $data['payment_status'] = payment_get_status_id('failed');
            _gozabo_transaction_status_update( $mvmgtxnid, $data['payment_status'] );
            _gozabo_transaction_emailer( 'failed', $mvmgtxnid, $data['payment_status'] );
            break;

          /* You, the merchant, denied the payment. This will only happen if the
             payment was previously pending due to one of the pending reasons below */
          case 'DENIED':
              watchdog('IPN', t("PayPal status denied"));
            $data['payment_status'] = payment_get_status_id('denied');
            //$txnid = store_transaction_save($data);
            _gozabo_transaction_status_update( $mvmgtxnid, $data['payment_status'] );
            _gozabo_transaction_emailer( 'denied', $mvmgtxnid, $data['payment_status'] );
            break;

          /* You, the merchant, refunded the payment. */
          case 'REFUNDED':
              watchdog('IPN', t("PayPal status refunded"));
            $data['payment_status'] = payment_get_status_id('refunded');
            _gozabo_transaction_status_update( $mvmgtxnid, $data['payment_status'] );
            _gozabo_transaction_emailer( 'refunded', $mvmgtxnid, $data['payment_status'] );
            //$txnid = store_transaction_save($data);
            break;

          /* This means a reversal has been canceled (e.g. you, the merchant,
             won a dispute with the customer and the funds for the transaction
             that was reversed have been returned to you) */
          case 'CANCELED':
              watchdog('IPN', t("PayPal status canceled"));
            $data['payment_status'] = payment_get_status_id('canceled');
            _gozabo_transaction_status_update( $mvmgtxnid, $data['payment_status'] );
            _gozabo_transaction_emailer( 'cancelled', $mvmgtxnid, $data['payment_status'] );
            //$txnid = store_transaction_save($data);
            break;

          default:
            /* Unkmown payment status */
            _gozabo_transaction_emailer( 'unknown', $mvmgtxnid, $data['payment_status'] );
              watchdog('IPN', t("PayPal status UNKNOWN"));
        }
        $debug .= t("Transaction has been processed.\n");
        watchdog('IPN', t("PayPal processing complete"));

      }
      else if (strcmp ($res, 'INVALID') == 0) {
        /* log for manual investigation */
        $debug .= t("The transaction has returned an invalid result from PayPal.\n");
        watchdog('IPN', t("PayPal reports INVALID"));
      }
      else {
        watchdog('IPN',"PAYPAL reports neither VERIFIED or INVALID...");
      }
    }
  }
  else {
    $debug .= t("Because there's no txnid, we didn't know what to do!\n");
    watchdog('IPN', t("Missing txnid caused exit"));
  }
  fclose ($fp);

    watchdog('IPN', t("Debugging output (also emailed to suydam@gmail.com):<BR>".$debug));
  // debug by default for now
  //if (variable_get('gozabocheckout_debug', 0)) {
    /*
    $filename = 'pp.txt';
    $handle = fopen($filename, 'a');
    fwrite($handle, $debug);
    close($handle);
    */

    $from       = 'suydam@gmail.com';
    $to         = $from;
    $subject    = t('GOZABO IPN debug debug results for'). ' '. variable_get('site_name', 'drupal');
    $body       = preg_replace("/<BR>/","\n",$debug);
    //$headers    = "Reply-to: $from\nX-Mailer: PHP\nReturn-path: $from\nErrors-to: $from";
    drupal_mail('ec_gozabocheckout_debug', $to, $subject, $body, $from);
  //}
}

function _gozabo_txn_to_owners( $txn )  {
  $owners = array();
  foreach ( array_keys( $txn->items ) as $nid ) {
	  $items[$nid] = </