Exemplo n.º 1
0
func (sp *StripePayment) handle(w http.ResponseWriter, r *http.Request, session *lobster.Session, frameParams lobster.FrameParams) {
	if !lobster.AntifloodCheck(lobster.ExtractIP(r.RemoteAddr), "payment_stripe_handle", 5) {
		lobster.RedirectMessage(w, r, "/panel/billing", lobster.L.FormattedError("try_again_later"))
		return
	}
	lobster.AntifloodAction(lobster.ExtractIP(r.RemoteAddr), "payment_stripe_handle")

	stripeToken := r.PostFormValue("stripeToken")
	amount, amountErr := strconv.Atoi(r.PostFormValue("amount"))
	currency := r.PostFormValue("currency")

	if stripeToken == "" || amount <= 0 || amountErr != nil || currency == "" {
		lobster.RedirectMessage(w, r, "/panel/billing", lobster.L.FormatError(fmt.Errorf("credit card payment failed due to form submission error")))
		return
	}

	// duplicate amount range check here since user might tamper with the amount in the form
	cfg := lobster.GetConfig()
	if amount < int(cfg.Billing.DepositMinimum*100) || amount > int(cfg.Billing.DepositMaximum*100) {
		lobster.RedirectMessage(w, r, "/panel/billing", lobster.L.FormattedErrorf("amount_between", cfg.Billing.DepositMinimum, cfg.Billing.DepositMaximum))
		return
	}

	chargeParams := &stripe.ChargeParams{
		Amount:   uint64(amount),
		Currency: stripe.Currency(currency),
		Source:   &stripe.SourceParams{Token: stripeToken},
		Desc:     "Lobster credit",
	}
	charge, err := sp.client.Charges.New(chargeParams)

	if err != nil {
		emailParams := StripeErrorEmail{
			fmt.Sprintf("error creating charge for user %d", session.UserId),
			err,
		}
		lobster.MailWrap(-1, "stripeError", emailParams, false)
		lobster.RedirectMessage(w, r, "/panel/billing", lobster.L.FormatError(fmt.Errorf("credit card payment error; make sure that you have entered your credit card details correctly")))
		return
	} else if !charge.Paid {
		emailParams := StripeErrorEmail{
			fmt.Sprintf("created charge for user %d but paid is false", session.UserId),
			nil,
		}
		lobster.MailWrap(-1, "stripeError", emailParams, false)
		lobster.RedirectMessage(w, r, "/panel/billing", lobster.L.FormatError(fmt.Errorf("credit card payment error; make sure that you have entered your credit card details correctly")))
		return
	}

	transaction := charge.Tx
	lobster.TransactionAdd(
		session.UserId,
		"stripe",
		charge.ID,
		"Stripe payment: "+charge.ID,
		int64(charge.Amount)*lobster.BILLING_PRECISION/100,
		transaction.Fee*lobster.BILLING_PRECISION/100,
	)
	lobster.RedirectMessage(w, r, "/panel/billing", lobster.L.Success("payment_made"))
}
Exemplo n.º 2
0
func (this *WHMCS) handleToken(w http.ResponseWriter, r *http.Request, db *lobster.Database, session *lobster.Session) {
	if session.IsLoggedIn() {
		lobster.RedirectMessage(w, r, "/panel/dashboard", lobster.L.Info("already_logged_in"))
		return
	}

	r.ParseForm()
	token := r.Form.Get("token")
	if len(token) != TOKEN_LENGTH {
		http.Error(w, "bad token", 403)
	}
	rows := db.Query("SELECT id, user_id FROM whmcs_tokens WHERE token = ? AND time > DATE_SUB(NOW(), INTERVAL 1 MINUTE)", token)
	if !rows.Next() {
		http.Error(w, "invalid token", 403)
	}
	var rowId, userId int
	rows.Scan(&rowId, &userId)
	rows.Close()
	db.Exec("DELETE FROM whmcs_tokens WHERE id = ?", rowId)
	session.UserId = userId // we do not grant admin privileges on the session for WHMCS login
	log.Printf("Authentication via WHMCS for user_id=%d (%s)", userId, r.RemoteAddr)
	lobster.LogAction(db, userId, lobster.ExtractIP(r.RemoteAddr), "Logged in via WHMCS", "")
	http.Redirect(w, r, "/panel/dashboard", 303)

}
Exemplo n.º 3
0
func panelSupportOpen(w http.ResponseWriter, r *http.Request, session *lobster.Session, frameParams lobster.FrameParams) {
	if r.Method == "POST" {
		form := new(SupportOpenForm)
		err := decoder.Decode(form, r.PostForm)
		if err != nil {
			http.Redirect(w, r, "/panel/support/open", 303)
			return
		}

		ticketId, err := ticketOpen(session.UserId, form.Name, form.Message, false)
		if err != nil {
			lobster.RedirectMessage(w, r, "/panel/support/open", L.FormatError(err))
		} else {
			lobster.LogAction(session.UserId, lobster.ExtractIP(r.RemoteAddr), "Open ticket", fmt.Sprintf("Subject: %s; Ticket ID: %d", form.Name, ticketId))
			http.Redirect(w, r, fmt.Sprintf("/panel/support/%d", ticketId), 303)
		}
		return
	}

	lobster.RenderTemplate(
		w,
		"panel",
		"support_open",
		lobster.PanelFormParams{Frame: frameParams, Token: lobster.CSRFGenerate(session)},
	)
}
Exemplo n.º 4
0
func adminSupportTicketClose(w http.ResponseWriter, r *http.Request, session *lobster.Session, frameParams lobster.FrameParams) {
	ticketId, err := strconv.Atoi(mux.Vars(r)["id"])
	if err != nil {
		lobster.RedirectMessage(w, r, "/admin/support", L.FormattedError("invalid_ticket"))
		return
	}
	ticketClose(session.UserId, ticketId)
	lobster.LogAction(session.UserId, lobster.ExtractIP(r.RemoteAddr), "Close ticket", fmt.Sprintf("Ticket ID: %d", ticketId))
	lobster.RedirectMessage(w, r, fmt.Sprintf("/admin/support/%d", ticketId), L.Success("ticket_closed"))
}
Exemplo n.º 5
0
func (this *WHMCS) handleConnector(w http.ResponseWriter, r *http.Request) {
	r.ParseForm()
	if lobster.ExtractIP(r.RemoteAddr) != this.ip || r.PostForm.Get("secret") != this.secret {
		w.WriteHeader(403)
		return
	}

	switch r.PostForm.Get("action") {
	case "register":
		email := r.PostForm.Get("email")
		userId, err := lobster.UserCreate(email, utils.Uid(16), email)
		if err != nil {
			log.Printf("Failed to register account via WHMCS: %s (email=%s)", err.Error(), email)
			http.Error(w, err.Error(), 400)
		} else {
			log.Printf("Registered account via WHMCS (email=%s)", email)
			w.Write([]byte(fmt.Sprintf("%d", userId)))
		}
	case "credit":
		userId, err := strconv.Atoi(r.PostForm.Get("user_id"))
		if err != nil {
			http.Error(w, err.Error(), 400)
			return
		}
		amount, err := strconv.ParseFloat(r.PostForm.Get("amount"), 64)
		if err != nil {
			http.Error(w, err.Error(), 400)
			return
		}
		userDetails := lobster.UserDetails(int(userId))
		if userDetails == nil {
			http.Error(w, "no such user", 400)
			return
		}
		lobster.UserApplyCredit(userId, int64(amount*lobster.BILLING_PRECISION), "Credit via WHMCS")
		w.Write([]byte("ok"))
	case "token":
		userId, err := strconv.Atoi(r.PostForm.Get("user_id"))
		if err != nil {
			http.Error(w, err.Error(), 400)
			return
		}

		token := utils.Uid(TOKEN_LENGTH)
		db := lobster.GetDatabase()
		db.Exec("DELETE FROM whmcs_tokens WHERE time < DATE_SUB(NOW(), INTERVAL 1 MINUTE)")
		db.Exec("INSERT INTO whmcs_tokens (user_id, token) VALUES (?, ?)", userId, token)
		w.Write([]byte(token))
	default:
		http.Error(w, "unknown action", 400)
	}
}
Exemplo n.º 6
0
func panelSupportTicketReply(w http.ResponseWriter, r *http.Request, session *lobster.Session, frameParams lobster.FrameParams) {
	ticketId, err := strconv.Atoi(mux.Vars(r)["id"])
	if err != nil {
		lobster.RedirectMessage(w, r, "/panel/support", L.FormattedError("invalid_ticket"))
		return
	}
	form := new(SupportTicketReplyForm)
	err = decoder.Decode(form, r.PostForm)
	if err != nil {
		http.Redirect(w, r, fmt.Sprintf("/panel/support/%d", ticketId), 303)
		return
	}

	err = ticketReply(session.UserId, ticketId, form.Message, false)
	if err != nil {
		lobster.RedirectMessage(w, r, fmt.Sprintf("/panel/support/%d", ticketId), L.FormatError(err))
	} else {
		lobster.LogAction(session.UserId, lobster.ExtractIP(r.RemoteAddr), "Ticket reply", fmt.Sprintf("Ticket ID: %d", ticketId))
		http.Redirect(w, r, fmt.Sprintf("/panel/support/%d", ticketId), 303)
	}
}